Backprt #16164 Gitea will currently check every if every password is an access token even though most passwords are not and cannot be access tokens. By creation access tokens are 40 byte hexadecimal strings therefore only these should be checked. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
bc82bb9cda
commit
946eb1321c
1 changed files with 7 additions and 1 deletions
|
@ -57,9 +57,15 @@ func GetAccessTokenBySHA(token string) (*AccessToken, error) {
|
|||
if token == "" {
|
||||
return nil, ErrAccessTokenEmpty{}
|
||||
}
|
||||
if len(token) < 8 {
|
||||
// A token is defined as being SHA1 sum these are 40 hexadecimal bytes long
|
||||
if len(token) != 40 {
|
||||
return nil, ErrAccessTokenNotExist{token}
|
||||
}
|
||||
for _, x := range []byte(token) {
|
||||
if x < '0' || (x > '9' && x < 'a') || x > 'f' {
|
||||
return nil, ErrAccessTokenNotExist{token}
|
||||
}
|
||||
}
|
||||
var tokens []AccessToken
|
||||
lastEight := token[len(token)-8:]
|
||||
err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)
|
||||
|
|
Reference in a new issue